GENERAL DATA PROTECTION REGULATION
LGPD: 10 POINTS FOR YOU UNDERSTAND THE NEW DATA PROTECTION ACT IN BRAZIL.
Do you know what LGPD is? It is the acronym for General Law of Data Protection, sanctioned by President Michel Temer with the objective of increasing the privacy of personal data and the power of the regulators to oversee organizations. The document amends the Civil Internet Framework and arrives at a propitious time, marked by large leaks of information and scandals that rightly involve the misuse of personal information.
From now on, companies have 18 months to adapt to the law. Failure to comply with these obligations may result, for example, in very high fines that amount to up to R $ 50 million per infraction. Although this practice puts Brazil in the group of countries considered adequate in protecting citizens’ privacy, the expectation is that the coming months will be difficult and planning within corporations. Check out ten points to understand LGPD more:
- Objectives: The main goal is to ensure the privacy of people’s personal data and allow greater control over them. In addition, the law creates clear rules on the collection, storage and sharing of this information, helps to promote technological development in society and consumer protection itself..
- Motivations of the LGPD: There has been a great debate in the sector since 2010 on data protection. Among the factors that led to the approval of the Brazilian bill was the GPDR, a regulation approved by the European Union in May 2018. As this document has extraterritorial applicability, many Brazilian companies have already had to adapt to this new reality.
- Main points: the law is applied to all sectors of the economy; has extraterritorial application, that is, every company that has business in the country must suit it; user’s consent to collect personal information; holders may rectify, cancel or even request the exclusion of such data; creation of the National Data Protection Authority (ANPD); and the obligatory notification of any incident. the collection and processing of your personal data.
- Data Protection Officer: Organizations must now establish an Information Security Committee to review internal procedures. Within this government body there will be an exclusive professional for data protection and responsible for compliance with the new law.
- Maturity Assessment processes and Risk Impact: is the survey which conditions should be corrected by the company to guarantee that LGPD be fulfilled in all departments
- Reducing exposure to risk: here, is the step of implementing measures to protect personal data at the base of the company. They can be security, technical and administrative, that prevent, combat or minimize the loss or unavailability of information assets due to threats that act on some vulnerabilities.
- Adoption of Privacy by Design: covers protection from designing the product or system being incorporated directly to the technological structures to the business model and the physical infrastructure. That is, privacy is present in the architecture itself, allowing the user to be able to preserve and manage the collection and processing of their personal data.
- Subcontractor compliance: LGPD also extends to a company’s subcontractors, such as suppliers and technology partners. They are also subject to the obligations and can make indemnity payments, for example.
- Fines: The new law provides sanctions for those who do not have good practices. They include warning, fine or even a total or partial prohibition of data-processing activities. Fines can vary from 2% of previous year’s revenues to R $ 50 million, and daily penalties.
- Specialized partner: dealing with this situation while trying to run the business is not easy. A specialized partner can assist in this transition period, enabling greater knowledge and application of effective law enforcement measures.
DINAMO NETWORKS IS ABLE TO ASSIST YOUR COMPANY IN PROTECTING YOUR COMPANY DATA AND IN THE SAFETY AND MANAGEMENT OF YOUR DIGITAL IDENTITY. CONSULT OUR SPECIALISTS.
* SOURCE: Gabriel Camargo* Portal Computerworld